Wholesale funds transfer systems are high risk. Therefore,
management should configure hardware and software components to
control access and support effective monitoring. Management should
develop change management procedures to ensure the integrity of the
hardware configurations and applications software. Operations
personnel should have the appropriate procedures to manage critical
payment systems software.

Applications should employ strong user authentication, support
user entitlement (information access and function controls)
administration, and provide audit trails in sufficient detail to
support the analysis or investigation of specific transactions.
Management should enable funds transfer activity logs and designate
independent staff members to monitor the activities of operations,
applications support, system administration, and security
administration personnel associated with the funds transfer system.

Telecommunications systems employed for EFT can range from a
dial-up connection between the institution and the payments system
(e.g., FedLine) to terminal connections with institution staff and
customers that transmit the institution's funds transfer system
payment orders directly to Fedwire Funds Service via a CI
connection. An
institution's information security program should include access,
authentication, and transmission controls surrounding wire room
activities and all terminal connections. Access and authentication
controls may consist of personal identification numbers, passwords,
or other identifying keys such as account numbers, balances, or
other financial data. Financial institutions should use encryption
as a means of protecting data throughout the EFT system. Encrypting
data during transmission scrambles the contents of message/payment
orders and limits the value of the information to an interloper
even if a transmission is intercepted. Nevertheless, financial
institutions
should monitor or prevent access to funds transfer activity by data
processing personnel who have access to communications equipment
and can monitor and record data flowing in clear text from
encryption devices.